A new report by researchers at CyCraft has revealed that a sophisticated cyberattack campaign has been using watering hole attacks to deliver a Scanbox keylogger to victims across various industries.
Watering hole attacks are a form of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers then wait for an opportunity to compromise the visitors' devices and gain access to their networks.
Scanbox is a keylogger that can capture keystrokes, screenshots, and other information from the infected devices. It can also detect the presence of security tools and antivirus software on the system.
The researchers found that the attackers used Scanbox to target organizations in Taiwan, Japan, Hong Kong, and other regions. The victims included government agencies, financial institutions, media outlets, and academic institutions.
The attackers used dynamic DNS to hide their malicious servers and evade detection, and leveraged SSL certificates to encrypt their communications and appear legitimate.
The researchers believe that the attackers are motivated by espionage and data theft. They also suspect that the attackers are linked to a Chinese state-sponsored threat group known as APT27 or Emissary Panda.
The report warns that watering hole attacks are becoming more prevalent and sophisticated as cybercriminals seek to target specific groups of users with tailored malware. It advises organizations to implement advanced threat protection solutions and conduct regular security testing to prevent such attacks.